User to device mapping and control
Start in IBM Worklight v6.1.0, the MobileFirst Server tracks the devices that access the system as part of the core runtime database. We can now enable the user to device mapping feature, which provides the ability for mobile operators or administrators to query their mobile systems by user. A device friendly name can also be established to see the devices that are mapped to a user. Further, specific controls can be applied to a user-app-device mapping to either disable that link or reactivate that link to address common situations. For example, a user loses a device and must block all access from that device. Another example is the requirement to block access to an app across all devices, or block access to an app on a device, when a user changes departments. Reactivation is available for all of these disablement control actions.
For the user to device mapping feature to work, a security realm must exist that establishes the user identity. The user identity is then used to associate the MobileFirst Device ID with the user. Developers can create custom challenge handlers or specific API calls to set a device friendly name as preferred by the user, programmatically. This feature helps in querying the device by its friendly name.
The following list shows what a mobile operator or admin can do with this set of features:
- Search for a device by friendly name or search by user name.
- A matching search yields all devices that belong to that user or the single device and the associated user, along with device model and information.
- The apps used on the device to access this system are also displayed.
The following list shows the available actions that can be taken for a queried device:
- Disable the specific device, marking the state as lost or stolen so that access from any of the apps on that device is blocked.
- Re-enable a disabled device so that access from the device to the MobileFirst Server is allowed.
- Disable a specific app, marking the state as disabled so that access from the specific app on that device is blocked.
- Re-enable that specific app on the device so that access from the specific app on the device to the MobileFirst Server is allowed.
Parent topic: Mobile application management